Skip to main content

Audit Management Letters: Pay Close Attention to These Findings

MaryPat Davitz

April 21, 2021

If an auditor detects discrepancies or deficiencies while performing an employee benefit plan audit, the auditor will communicate these to the plan sponsor in a management letter included with the audit.

Management letters detail internal control-related problems or the failure of plan sponsors to fulfill their fiduciary duties. It’s important to address any items listed in the management letter promptly. Otherwise, errors could magnify and become more problematic and costly in the long run.

Fiduciary-Related Matters

ERISA defines fiduciary as a person who performs one of the following duties:

  • Exercises discretionary authority or control over the management of an employee benefit plan or the disposition of the plan’s assets;
  • Advises on plan funds or property for a fee or compensation, or has the authority to do so;
  • Has discretionary authority or responsibility in plan administration; or
  • Is designated by a named fiduciary to carry out fiduciary responsibility.

According to the ERISA Prudent Person/Exclusive Benefit Rule, fiduciaries are required to “discharge their duties solely in the interest of plan participants and beneficiaries, and for the exclusive purpose of providing benefits for them while defraying reasonable plan administrative expenses.”

More specifically, fiduciaries must perform their duties with the “care, skill, prudence, and diligence of a prudent person under the circumstances.” Duties must also be performed “in accordance with the plan documents and instruments” and fiduciaries must diversify plan investments “so as to minimize risk of loss under the circumstances.”

While ERISA doesn’t specify a degree of concentration that would violate the diversification requirement, it does state that fiduciaries should consider a few specific factors when making investment decisions:

  • The portfolio’s composition with respect to diversification,
  • The portfolio’s liquidity and current return relative to the plan’s anticipated cash flow requirements,
  • The risk of loss associated with plan investments, and
  • The projected return of the portfolio relative to the plan’s funding objectives.

Among the most common fiduciary duties of employee benefit plan sponsors are to review and reconcile plan statements, conduct investment team meetings, remit employee deposits on a timely basis, review plan investment options and performance, send required annual disclosure to plan participants, and follow plan documents.

Some plan sponsors hire third-party administrators (TPAs) to perform some of these duties, such as sending out annual disclosures. However, it remains the sponsor’s fiduciary duty to ensure that disclosures are sent on time.

Internal Control-Related Matters

Auditors are required to communicate with plan sponsors certain internal control deficiencies that are identified during an audit. These exist when the design or operation of a control does not allow management or employees to prevent, or detect and correct, misstatements on a timely basis. Internal control deficiencies can be categorized as one of the following:

Material Weakness This is a deficiency, or combination of deficiencies, in internal control in which there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Significant Deficiency This is a deficiency, or a combination of deficiencies, that is less severe than a material weakness but important enough to merit attention by those charged with plan governance.

Internal control deficiencies can be deficiencies in design or operation. A deficiency in design exists when a control necessary to meet the control objectives is missing or an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.

Meanwhile, a deficiency in operation exists when a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively.

Streamline Plan Audits

Carefully reviewing the management letter can yield additional benefits beyond addressing fiduciary- and internal control-related matters. Management letters often contain guidance and suggestions for improving plan policies and procedures and boosting efficiency.

For example, by reconciling employee deposits on a monthly or quarterly basis, you might be able to identify and correct errors before they’re spotted by the auditor. This can streamline the audit and potentially reduce audit costs.

Do you have more questions about audit management letters? Give us a call —we’re here to help.

Unlock industry secrets.

Mueller Prost insights, delivered right to your inbox.

Sign Up.

Related Insights